For SMB’s to Enterprises & Governments, cybersecurity is critical. In fact, in 2020, more than 60 percent of businesses experienced a cyber attack. Due to COVID-19, As mobile work forces have nearly doubled since the pandemic to keep employees and customers safer at home, according to a recent Gallop poll on remote work trends, so have the number of cyber-attacks. Employees were quickly tossed into a world of remote work while using tools such as Microsoft 365 and other cloud-based software and apps. The urgency to adapt left many companies unprepared without proper cyber security protection. What’s worse, cyber criminals took advantage of a golden opportunity to do what they do best: prey on new and unsuspecting targets and cash in.

It Only Takes One Device to Gain Access to Your Company’s Network

What businesses may not realize is that mobile security may be their weakest link. A cyber criminal only needs to break into one unprotected mobile device (mobile phone, laptop, or tablet) in a company to gain access to the entire network. Intrusions like this can be crippling to an SMB, costing the company revenue, disrupting its operations, endangering its critically important data assets, and ruining customer relationships. In fact, the impact can be so devastating that when a small business is impacted, approximately 60% are unable to recover and go out of business within 6 months of a cyber-attack.

The increase in employee mobility has revolutionized the way we do business, but it has also created new security risks. On average, mobile users spend approximately 80% of their time outside of the protected corporate network, as they access the web from locations other than the office or company locations, according to Zimperium.

With this increased mobility, far too many devices are unprotected against increasingly sophisticated hacker techniques – especially when mobile device security patches and upgrades from company IT departments aren’t being installed.

But there are defensive moves that can help prevent cyber-attacks on Enterprises. One of those strategies is to adopt a multi-layered cybersecurity solution to outwit the hackers. We’ll address that later, but first, let’s look at why hackers focus on mobile devices.

Top Five Reasons Hackers Target Mobile Devices

1. Steal credentials and passwords. Hackers know that most people use the same passwords across all their mobile devices and applications. If they can figure out the password and get access into the mobile device, it’s easy to move to the user’s laptop and then to the corporate network. Mobile devices are the entryway to a whole world of opportunity for intruders.

Since the pandemic began, phishing attacks have increased 6x with approximately 90% of all breaches starting with a phishing attack where a scam artist uses official looking fake emails, to trick an individual into giving away information (passwords, bank details, etc.) With so many emails being read via a mobile device these days, it’s a target-rich environment to steal credentials and passwords. And the fact that mobile users are dealing with a smaller screen, are often distracted due to multitasking, and can’t see a URL bar that might alert them to something suspicious makes them more vulnerable than they would be at the office on a laptop.

2. Obtain company data. Approximately 50% of cyber-attacks on small businesses focus on stealing company information and/or customer proprietary data, such as Adhaar Card, PII data and credit card information. If an employee is using their mobile device for email or to access corporate data, the hacker may be able to easily seize it. Because all email and attachments reside in one folder on mobile devices, hackers know exactly where to find and download data.
3. Conduct reconnaissance. When cyber criminals gain control of your device, they can also turn on your microphone or your camera, and spy on you. If the CEO is using their mobile phone to negotiate a big deal, once the hacker has compromised the phone, they can hear every word. A lot of powerful movers and shakers live by their mobile devices, and the last thing they would want is someone knowing their every move.

If the hacker has access to your device, they also have access to your contacts and your calendar and can figure out just the right time to turn on the recording function. It won’t be during your dentist visit; it will be when you’re meeting with a client or a potential client. If that hacker has targeted you individually because of your position in your company, what they learn in their spying could be incredibly valuable to a competitor or even a foreign government.

4. Land and expand. That is, to go beyond control of the device to higher value objectives, such as the corporate network. There are many ways that someone who has compromised a mobile device can gain corporate access. There is the simple approach, which is to use the device that the hacker now controls to send texts and emails posing as the legitimate user to gain further information or cause disruption. Or, through control of the device itself, the hacker can leverage the mobile devices’ connections to the corporate Wi-Fi network when the user goes back to the office and re-connects.

A hacker can also take advantage of the guest network in a target company’s lobby. Once they log onto the network, they can see if there are more people connected than are actually waiting in the lobby at that time. This is a good indicator that employees may be using the guest network to go outside the company firewall and access apps and sites that the corporate network is blocking. The hacker can then easily trick a user into downloading what appears to be a game, take control of their device, and set up super-admin privileges for themselves that open up the entire network for malicious use.

5. Deliver malware. Ransomware and malware can provide direct financial gain to a hacker. That was the case with the Wanna Cry ransomware attack in 2017 that informed recipients that their device was encrypted and instructed the victims to send payment in Bitcoin to unlock their device.

The hackers behind Wanna Cry specifically targeted Android devices. They accessed a Wi-Fi network, scanned all the connected Android devices, and determined which ones were susceptible to their ransomware. They infected one phone and then–when the user got back to the corporate office and logged onto the company network–they were able to lock up entire companies and demand ransom payments.

Protecting Your Business and Users from Bad Actors

Thanks to the pandemic and the growth in mobile workers, Enterprise cyber security has never been more important. To protect your business from a potentially catastrophic cyber-attack, you need to enforce a zero-trust mentality to guard against potential threats. That means taking a proactive approach to threat management–and how you monitor the people, systems, or services accessing your network.

There are many ways for hackers to gain access to your network for any one of the five reasons we mentioned above. Each avenue requires a specific cyber security solution to ensure your data is protected.

We help Enterprises in protecting these attacks on new Endpoints and the Mobile Apps being used by your customers:

• Mobile Device Protection for Enterprises with a cloud-based security solution that allows company employees to be protected regardless of how or where they access the internet.
• Mobile Device Protection for Governments & Law Enforcements with a On Prem based security solution that allows Government officials to be protected regardless of how or where they access the internet.
• Mobile Application Security– Build your Apps securely and get visibility on the attacks happening on your apps in real time and take actions on the fly to prevent fraud and secure your Confidential App data being stored on the device which may be compromised.
• Threat Remediation – Real time Zero day Threat Detection and seamless integration with top MDM’s like Vmware Workspace one , Soti, Microsoft Intunes etc.
• Monitoring– Out of Box integration with Top SIEM solutions to give customers single Pane of glass to visualize the attacks on these Mobile Endpoints.

Every device that accesses your network poses a risk to your business. If you start with these options in mind as the framework for what you need to protect your business from the growing number of cyber-attacks that are coming your way, you’ll be on the right track.

For more information about how Cyber Armor can help your business detect, prevent, and remediate cyber-attacks, reach out to us on contact@cyberarmors.com .